Test with Comodo - Bypassed.

READ THIS FIRST!
I’m NOT a spammer, attacker, abuser… I only want to have the truth. I know Languy99, I watch his reviews! I’m only gonna ask you this big question! Do not ban me, I’m just curious and want to know what’s behind the Comodo!

I recently tested Comodo (NO VIDEO). I was just testing for fun against 10 links.
But within the same… I could bypass Comodo Internet Security. Everything was set to High, it detected half of them. But when I landed on these weird FAKE AVs, it all went to Bypass Comodo! No lie!
The Comodo alerts were like the following: “This .exe is a safe file.” So, what should I do? Allow or deny, it says it’s safe, right? I click allow… No sandbox alert.

I go into another LINK, and it is also a fake AV.
The Alert: “This file has not a digital signature.” I click allow, Sandbox pops up, it sandboxed an .exe.
I’m done with the links, I restart… Scan with MalwareBytes it found 2 things infected. Those 2 missed AVS.
Hitman pro found some temp files and the same.

I’m not attacking Comodo! I just hear everyone say “COMODO IS 100% PROTECTION!” Well, how could I bypass it? I’m not going into a flame war - Just talk with me if I did something wrong… or why I could bypass it.
Cheers!
Armin.

Well, you don’t give us proof! You only ask us to trust you!

My trust can only go so far but you know the saying, “seeing is believing”!!

Maybe if you do some video or bring some proof of this…

Send LanGuy99 or one of us other Mods the file.

Thanks.

Yes, all rogue bypass … Comodo, it’s not new :confused:

Well, anybody that knows them can tell you those fake AVs are tricky. Hell, I bumped into one and it looked real; I would have really thought it was true if I didn’t know it was fake.

Fake AVs are hard to detect because they don’t do any harm to the computer (at least most of them); all they try to do is extort money out of the user. So a HIPS, behavior blocker or anything else along those lines are useless. There are a few ways to protect against them that I know Comodo is working on right now but I can’t talk about it. ;D

Armin, give us the links so we can try them ourselves!

Glad to hear that mate! :-TU

He’s a witch! May we burn him? >:-D

Currently sandboxed files are able to drop files outside of the sandbox. However, these files will be sandboxed as soon as they try to run.

I assume that’s what’s going on here. These files detected by MalwareBytes aren’t dangerous because if activated they’d be sandboxed.

Can you please PM me a link to the files that CIS advised were safe?

Thanks.

I could have made a mistake… but okay. Rush me already but here is a proof on my mistake.

NEW TEST:
I just tested the latest and Hitman Pro only found Temp files. MalwareBytes says it found 2 .exe, but not running in RAM. I’m not an expert on COMODO, but here’s my video of Comodo. :stuck_out_tongue: You could maybe tell me why MBAM detected that, cause I don’t know why when sandbox stopped them. O0

My channel: TheLivingEdge42 - YouTube

COMODO video: Comodo Internet Security 4.1 Prevention Test.mp4 - YouTube Watch in HD, in FULLSCREEN.

I’m Sorry for the mistake! :-[

Not a bad test, but I must wonder. Why did you allow the Firewall alerts for the malware when the alert specifically said to only allow them if the file is one of your everyday applications?

Other than that, not a bad test. Next time it may be a good idea to clean the temp files with CCleaner before scanning. This gets rid of the temp files (which aren’t any danger to the computer) and therefore makes it easier to evaluate the results. Also, disable the option in Hitman Pro to “Scan for Tracking Cookies”. For me this is annoying and, for the purposes of these types of tests, gives no useful information anyway.

Overall though, good video.

I think I watched carefully and I thought you clicked “allow” (by mistake?) in some firewall questions.
Also, no temporary files should be left after the applications were sandboxed. It’s not normal…

Hmmm… Are you talking seriously?

Yes, in this case the malware was run and yet wasn’t able to infect the rest of the system.

The sandbox does allow applications to drop files outside of the sandbox. Many folders are protected, but not all for usability purposes.

Thus if the malware is found only in the temp folders then it indicates that the sandbox protected the system from infection.

Is my logic incorrect or did I just explain this poorly before?

And can’t they be executed later? Started… I wouldn’t let an infected file in the computer just because it is in the temp folder. Oh no, on the contrary, I would like my antivirus to catch it and remove it from my system.

Well… you need to trust in your antivirus then… not in the power of the sandbox. Excluded folders must be completely safe, otherwise, all the purpose of the sandbox is to be bypassed…

I can’t believe the sandbox releases files to the Windows temp folder…!

Even if they can be executed they will be sandboxed. I have tested this multiple times. You are totally safe.

I have also tested this. I actually went through 5 pages of MDL and ran every executable file on my computer. I sandboxed all of them that weren’t caught and I then restarted. I found that one of them was running, but after I deleted the single executable, which was still in my downloads folder, I didn’t find any malicious files on my computer except in the temp folders.

It’s for this reason that I’m so confident in the sandbox. Yes, you can have malicious files on your computer, but they can’t affect the system, except for eating up resources. Also, as long as you deny them access to the internet they can’t steal any information. I felt I should mention this last point because some tests run in the sandbox do seem to indicate that not all possible methods for monitoring the system, and other files, are currently protected completely. This is the only vulnerability that I know of that Defense+ does not suffer from also.

What is the directory for the Temp files? I want to check something…

Thanks.

Ok. Thanks. It’s a relief.
Anyway, I think files shouldn’t be there but in a completely different sandboxed folder.
Isn’t the sandbox a completely independent environment?

No, you are confusing total sandboxing virtualization with the automatic system Comodo uses. The automatic part lets files drop along with other small things while still keeping the system secure. While if you right-click on a file and select run in sandbox, everything is virtualized.